MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c3cfdc7509a3dddc8fe0d0a46932678acaca3f91db59929bc6d4738a37a3b9d2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 7



SHA256 hash: c3cfdc7509a3dddc8fe0d0a46932678acaca3f91db59929bc6d4738a37a3b9d2
SHA3-384 hash: 23a617174858a009c4eb5b11702f16f4833e0b8d8042ee3d1ed8942ff3798fcadc4eff99686ed00d08f96910e9d9fa07
SHA1 hash: 11c1c0447eaa7d06d3ca9a580132a248a88ec4cf
MD5 hash: d0c854ec586c654f71ea27b04cb79111
humanhash: autumn-pasta-charlie-berlin
File name: wget.sh
Signature: Mirai
File size: 1'228 bytes
First seen: 2026-01-04 19:28:57 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep 24:6j+ELbMsVEcGLNIZEtHDEVKT0CEHZ/EOFELF9S5P3E3e+bEKCeEz3gE1FdEk8jn:g14EQ6BF2S5EeO4rJ8j
TLSH T15821F2CF6074B96A5048CF4131E216C975F8CAE5E6708E279E9478F785C86073638EDB
Magika: txt
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 78
Origin country: DE
Vendor Threat Intelligence
No detections
Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: mirai
Verdict: Malicious
File Type: text
First seen: 2026-01-04T16:35:00Z UTC
Last seen: 2026-01-04T18:48:00Z UTC
Hits: ~10
Detections: HEUR:Trojan-Downloader.Shell.Agent.cl
Status: terminated
Verdict: Malicious
Threat: Trojan-Downloader.Shell.Agent
Threat name: Script.Trojan.Heuristic
Status: Malicious
First seen: 2026-01-04 19:29:18 UTC
File Type: Text (Shell)
AV detection: 10 of 24 (41.67%)
Threat level: 2/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: MAL_Linux_IoT_MultiArch_BotnetLoader_Generic
Author: Anish Bogati
Description: Technique-based detection of IoT/Linux botnet loader shell scripts downloading binaries from numeric IPs, chmodding, and executing multi-architecture payloads
Reference: MalwareBazaar sample lilin.sh

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh c3cfdc7509a3dddc8fe0d0a46932678acaca3f91db59929bc6d4738a37a3b9d2

(this sample)

  
Delivery method: Distributed via web download

Comments